diff --git a/consul/config.go b/consul/config.go
index 62ebff6..e07c55e 100644
--- a/consul/config.go
+++ b/consul/config.go
@@ -51,6 +51,7 @@ type Downstream struct {
 	Protocol         string
 	TargetAddress    string
 	TargetPort       int
+	EnableForwardFor bool
 
 	TLS
 }
diff --git a/consul/watcher.go b/consul/watcher.go
index ab7b343..6e4311f 100644
--- a/consul/watcher.go
+++ b/consul/watcher.go
@@ -33,6 +33,7 @@ type downstream struct {
 	Protocol         string
 	TargetAddress    string
 	TargetPort       int
+	EnableForwardFor bool
 }
 
 type certLeaf struct {
@@ -118,15 +119,15 @@ func (w *Watcher) handleProxyChange(first bool, srv *api.AgentService) {
 		if c, ok := srv.Proxy.Config["protocol"].(string); ok {
 			w.downstream.Protocol = c
 		}
-	}
-
-	if srv.Connect != nil && srv.Connect.SidecarService != nil && srv.Connect.SidecarService.Proxy != nil && srv.Connect.SidecarService.Proxy.Config != nil {
-		if b, ok := srv.Connect.SidecarService.Proxy.Config["bind_address"].(string); ok {
+		if b, ok := srv.Proxy.Config["bind_address"].(string); ok {
 			w.downstream.LocalBindAddress = b
 		}
-		if a, ok := srv.Connect.SidecarService.Proxy.Config["local_service_address"].(string); ok {
+		if a, ok := srv.Proxy.Config["local_service_address"].(string); ok {
 			w.downstream.TargetAddress = a
 		}
+		if f, ok := srv.Proxy.Config["enable_forwardfor"].(bool); ok {
+			w.downstream.EnableForwardFor = f
+		}
 	}
 
 	keep := make(map[string]bool)
@@ -348,6 +349,8 @@ func (w *Watcher) genCfg() Config {
 			TargetAddress:    w.downstream.TargetAddress,
 			TargetPort:       w.downstream.TargetPort,
 			Protocol:         w.downstream.Protocol,
+			EnableForwardFor: w.downstream.EnableForwardFor,
+
 			TLS: TLS{
 				CAs:  w.certCAs,
 				Cert: w.leaf.Cert,
diff --git a/haproxy/state/downstream.go b/haproxy/state/downstream.go
index b13b4d7..7bc2e54 100644
--- a/haproxy/state/downstream.go
+++ b/haproxy/state/downstream.go
@@ -74,6 +74,13 @@ func generateDownstream(opts Options, certStore CertificateStore, cfg consul.Dow
 
 	state.Frontends = append(state.Frontends, fe)
 
+	var forwardFor *models.Forwardfor
+	if cfg.EnableForwardFor && beMode == models.BackendModeHTTP {
+		forwardFor = &models.Forwardfor{
+			Enabled: stringp(models.ForwardforEnabledEnabled),
+		}
+	}
+
 	// Backend
 	be := Backend{
 		Backend: models.Backend{
@@ -81,6 +88,7 @@ func generateDownstream(opts Options, certStore CertificateStore, cfg consul.Dow
 			ServerTimeout:  &serverTimeout,
 			ConnectTimeout: &connectTimeout,
 			Mode:           beMode,
+			Forwardfor:     forwardFor,
 		},
 		Servers: []models.Server{
 			models.Server{
diff --git a/haproxy/state/utils.go b/haproxy/state/utils.go
index b613150..acee1da 100644
--- a/haproxy/state/utils.go
+++ b/haproxy/state/utils.go
@@ -23,3 +23,7 @@ func int64p(i int) *int64 {
 	s := int64(i)
 	return &s
 }
+
+func stringp(s string) *string {
+	return &s
+}